CVE-2010-1616 Moodle can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

CVE-2010-1617 user/view.php does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

CVE-2010-1618 A Cross-site scripting (XSS) vulnerability in the phpCAS client library allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

CVE-2010-2231 A Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.

This security update switches to a new upstream version and requires database updates. After installing the fixed package, you must visit http://localhost/moodle/admin/ and follow the update instructions.

For the stable distribution (lenny), these problems have been fixed in version 1.8.13-1.

For the unstable distribution (sid), these problems have been fixed in version 1.9.9.dfsg2-1.

We recommend that you upgrade your moodle package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below: